Focus on Microsoft
Using Messenger Service for 'Net Send' Functionality --- Dangerous? Why? Jun 02 2005 07:20PM deadly halo gmail com (2 replies)
Re: Using Messenger Service for 'Net Send' Functionality --- Dangerous? Why? Jun 10 2005 09:03PM Matt Ostiguy (ostiguy gmail com)
If just for the potential spam - there have also been viruses abusing the open
messenger port - I wouldn't let the service be wide open to anyone to write
to. However, at least with Windows XP SP2 you can rather easily deploy some
firewall settings, which would allow you to block incoming traffic to the
port that the service is running on.
So basically just block the port from anyone but the single or few machines
that need to be able to use the 'net send' functionality if you must use it
:)
Regards,
r@smus
-----Original Message-----
From: deadly.halo (at) gmail (dot) com
Sent: 2 June 2005 21:20
To: focus-ms (at) securityfocus (dot) com
Subject: Using Messenger Service for 'Net Send' Functionality --- Dangerous?
Why?
A fellow network administrator at the company I work for is interested in
implementing a system that utilizes the Messenger Service (not to be
confused with the MS Messenger chat tool) to initiate Net Send notifications
to clients throughout the user community. Our network hosts consist of
Windows 2000/XP machines (XP has the service disabled by default, 2000 may
as well). I remember that there was a large vulnerability reported at the
end of 2003 regarding the Messenger Service. I know that the issue was
addressed in subsequent service packs, but this doesn't necessarily mean
it's a good idea to use it.
Bottom line: I'm concerned that enabling the Messenger Service throughout
the network will open our environment to security vulnerabilities. What are
your thoughts? Any known issues at this time? Your input would be greatly
appreciated.
Regards,
Brian
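
The firewall scoping suggested in the reply above, as an added example that is not part of the original thread: a Windows XP SP2 batch file that opens the Messenger Service's inbound ports only to a short list of sending machines. The thread names no port numbers or hosts; the NetBIOS ports used here (UDP 137/138, TCP 139) and the addresses in `ADMIN_HOSTS` are assumptions to replace with your own.

```bat
@echo off
rem Added example, not from the original thread.
rem ADMIN_HOSTS is a placeholder list: the single or few machines that
rem are allowed to deliver 'net send' messages to this client.
set ADMIN_HOSTS=192.0.2.10,192.0.2.11

rem Turn Windows Firewall on so inbound traffic without an exception is dropped.
netsh firewall set opmode mode=ENABLE

rem Assumed ports: NetBIOS name service, datagram and session, which
rem 'net send' relies on. scope=CUSTOM limits each exception to ADMIN_HOSTS.
netsh firewall set portopening protocol=UDP port=137 name="Messenger NBNS (scoped)" mode=ENABLE scope=CUSTOM addresses=%ADMIN_HOSTS%
netsh firewall set portopening protocol=UDP port=138 name="Messenger NBDGM (scoped)" mode=ENABLE scope=CUSTOM addresses=%ADMIN_HOSTS%
netsh firewall set portopening protocol=TCP port=139 name="Messenger NBSS (scoped)" mode=ENABLE scope=CUSTOM addresses=%ADMIN_HOSTS%

rem UDP 135 (RPC) gets no exception here, so it stays blocked inbound;
rem that is the port the pop-up spam mentioned in the reply was sent to.

rem Review the result: each exception should list only ADMIN_HOSTS as its scope.
netsh firewall show portopening
```

If the File and Printer Sharing exception is already enabled with a wider scope, it covers the same NetBIOS ports and needs to be narrowed as well.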